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ABSTRACT OF THE DISCLOSURE 


A communication network includes an SS7 Security Gatekeeper that authenticates 
and validates network control messages within, transiting, entering and leaving an 
overlying control fabric such as an SS7 network. The SS7 Security Gatekeeper 
incorporates several levels of checks to ensure that messages are properly authenticated, 
valid, and consistent with call progress and system status. In addition to message format, 
message content is checked to ensure that the originating node has the proper authority 
to send the message and to invoke the related functions. Predefined sets of templates 
may be used to check the messages, each set of templates being associated with 
respective originating point codes and/or calling party addresses. The templates may also 
be associated with various system states such that messages corresponding to a particular 
template cause a state transition along a particular edge to a next state node at which 
another set of templates are defined. Thus, system and call state is maintained. The 
monitor also includes signaling point authentication using digital signatures and 
timestamps. Timestamps are also used to initiate appropriate timeouts and so that old or 
improperly sequenced message may be ignored, corrected or otherwise processed 
appropriately. The SS7 Security Gatekeeper may be located at the edge of a network to 
be protected so that all messaging to and from the protected network most egress by way 
of the Gatekeeper. Alternatively, the SS7 Security Gatekeeper may be internal to the 
protected network and configured as a "pseudo switch" so that ISUP messaging is routed 
through the Gatekeeper while actual traffic is trunked directly between the associated 
SSPs, bypassing the Gatekeeper. 
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